
Commit ed6b2eb9 authored by Alex Klyubin's avatar Alex Klyubin Committed by Android (Google) Code Review

Merge "Set Secure User ID from app level."

parents 733ad46a 10a9f178
+6 −0
@@ -535,6 +535,12 @@ public class AndroidKeyStore extends KeyStoreSpi {
            args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE,
                    KeyStoreKeyProperties.UserAuthenticator.allToKeymaster(
                            params.getUserAuthenticators()));
            long secureUserId = GateKeeper.getSecureUserId();
            if (secureUserId == 0) {
                throw new IllegalStateException("Secure lock screen must be enabled"
                        + " to import keys requiring user authentication");
            }
            args.addLong(KeymasterDefs.KM_TAG_USER_SECURE_ID, secureUserId);
        }
        if (params.isInvalidatedOnNewFingerprintEnrolled()) {
            // TODO: Add the invalidate on fingerprint enrolled constraint once Keymaster supports
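Review bot: The secure user ID is fetched in the calling app's process by `GateKeeper.getSecureUserId()` and handed over as `KM_TAG_USER_SECURE_ID`, so the binding between key and user rests on a client-supplied value; nothing visible here shows the keystore service re-checking it, which is worth confirming and noting in a comment above the call. The `== 0` test also depends on an undocumented convention; a comment such as `// 0: no secure user ID enrolled, i.e. no secure lock screen` would make that explicit. The same six lines are added to KeyStoreKeyGeneratorSpi in the last section with only the message differing, so a shared helper would keep the two checks from drifting. The enclosing method starts and ends outside this hunk.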
+30 −0
package android.security;

import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
import android.service.gatekeeper.IGateKeeperService;

/**
 * Convenience class for accessing the gatekeeper service.
 *
 * @hide
 */
public abstract class GateKeeper {

    private GateKeeper() {}

    public static IGateKeeperService getService() {
        return IGateKeeperService.Stub.asInterface(
                ServiceManager.getService("android.service.gatekeeper.IGateKeeperService"));
    }

    public static long getSecureUserId() throws IllegalStateException {
        try {
            return GateKeeper.getService().getSecureUserId(UserHandle.myUserId());
        } catch (RemoteException e) {
            throw new IllegalStateException(
                    "Failed to obtain secure user ID from gatekeeper", e);
        }
    }
}
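Review bot: `getSecureUserId()` dereferences the result of `getService()` without a null check; `ServiceManager.getService` returns null when the service is not registered, so callers would get a NullPointerException instead of the IllegalStateException the method declares. A guard before the call would fix it: `IGateKeeperService service = getService();` followed by `if (service == null) throw new IllegalStateException("Gatekeeper service not available");`. Both public methods lack Javadoc; `getSecureUserId` should state that it returns the ID for the calling user and that 0 is the value callers treat as "no secure lock screen". Since the constructor is private, `final` would express the non-instantiable intent more directly than `abstract`.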
+6 −0
@@ -167,6 +167,12 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
            args.addInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE,
                    KeyStoreKeyProperties.UserAuthenticator.allToKeymaster(
                            spec.getUserAuthenticators()));
            long secureUserId = GateKeeper.getSecureUserId();
            if (secureUserId == 0) {
                throw new IllegalStateException("Secure lock screen must be enabled"
                        + " to generate keys requiring user authentication");
            }
            args.addLong(KeymasterDefs.KM_TAG_USER_SECURE_ID, secureUserId);
        }
        if (spec.isInvalidatedOnNewFingerprintEnrolled()) {
            // TODO: Add the invalidate on fingerprint enrolled constraint once Keymaster supports